This message was deleted.
# rke2a
adamant-kite-43734
12/13/2023, 12:32 AMThis message was deleted.
c
creamy-pencil-82913
12/13/2023, 12:52 AMYou want to automatically create DNS records for things, just by adding them as a hostname in an ingress rule?
b
bright-address-34562
12/13/2023, 12:53 AMideally, yes, but adding an extra resource is fine
c
creamy-pencil-82913
12/13/2023, 12:53 AMI’ve not seen anything that’ll do that….
creamy-pencil-82913
12/13/2023, 12:53 AMthings like external-dns will create records for loadbalancer-type services, but I’ve not seen anything that will do that for hostnames referenced in ingress rules
creamy-pencil-82913
12/13/2023, 12:54 AMusually folks just point a wildcard dns record at the ingress and slap a wildcard cert on it. That way whatever hostname you put in the ingress resource is already set up.
b
bright-address-34562
12/13/2023, 12:55 AMbut if the nodes change, the ingress ip would change, how should I deal with that? I don't feel like manually updating an ip is a good solution
c
creamy-pencil-82913
12/13/2023, 12:55 AMthats why people usually use an external loadbalancer, or something like kube-vip or metallb that will provision IPs for the loadbalancer service.
b
bright-address-34562
12/13/2023, 12:56 AMI experimented a little with kube-vip but ended up with a dead cluster though possibly unrelated to kube-vip
c
creamy-pencil-82913
12/13/2023, 12:56 AMIf you point things directly at the node IPs you’re tied to those node IPs not changing.
b
bright-address-34562
12/13/2023, 12:56 AMI tried adding a second vlan interface to the nodes for kube-vip to use for lb, but the interface didn't come up and I couldn't figure out what to put in the cloudinit
c
creamy-pencil-82913
12/13/2023, 12:57 AMI’ve not ever seen anyone try to add a second interface just for VIPs… why would that be necessary?
b
bright-address-34562
12/13/2023, 12:58 AMI just wanted to try it, keeping traffic and management separate
c
creamy-pencil-82913
12/13/2023, 12:58 AMI would probably look at existing patterns for what you’re trying to do, and work on successfully implementing one of those, instead of trying to invent something new.
b
bright-address-34562
12/13/2023, 12:59 AMsounds like a good idea, got a resource for that I can look over?
c
creamy-pencil-82913
12/13/2023, 1:00 AMI would try to get metallb or kube-vip working, use one of those to expose your ingress service, and then point a DNS wildcard at that VIP.
creamy-pencil-82913
12/13/2023, 1:00 AMI believe harvester also has a loadbalancer service controller though, doesn’t it?
creamy-pencil-82913
12/13/2023, 1:00 AMany reason why you’re not using that?
b
bright-address-34562
12/13/2023, 1:00 AMto use metallb, I would need to set that up on a separate vm, yeah? kube-vip sounds more appealing to me in this use case
bright-address-34562
12/13/2023, 1:01 AMor can I get rancher to set up metallb on the nodes it provisions in harvester somehow?
c
creamy-pencil-82913
12/13/2023, 1:01 AMDid you try using what comes with harvester?
https://docs.harvesterhci.io/v1.2/networking/loadbalancer/#guest-kubernetes-cluster-load-balancer
b
bright-address-34562
12/13/2023, 1:03 AMno, I have not.. the docs are kind of hard to read for me due them not supporting dark mode, so I've just skimmed parts as I stumbled into them via google
bright-address-34562
12/13/2023, 1:03 AMthanks, I'll look over that section of the doc and do some more experimentation when time allows 🙂
bright-address-34562
12/13/2023, 1:05 AMfor right now I need to go figure out what happened to my harvester, it kind of appears to have died when I was setting up this test rke2 cluster on it
bright-address-34562
12/13/2023, 1:26 AMseems like it had restarted, and the box is a bit weird in that it won't boot without an attached display. also had some more ram to double what I had in it 🙂
bright-address-34562
12/13/2023, 2:02 AMafter the little unexpected reboot, the cluster node provisioning is struggling a little..
Copy code
Failed creating server [fleet-default/infra-pool1-12e24e65-bc9r6] of kind (HarvesterMachine) for machine infra-pool1-5c548759cfx5956p-klcxr in infrastructure provider: CreateError: Downloading driver from <https://rancher.runsafe.no/assets/docker-machine-driver-harvester> Doing /etc/rancher/ssl docker-machine-driver-harvester docker-machine-driver-harvester: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped Trying to access option which does not exist THIS ***WILL*** CAUSE UNEXPECTED BEHAVIOR Type assertion did not go smoothly to string for key Running pre-create checks... Error with pre-create check: "an error on the server (\"error trying to reach service: cluster agent disconnected\") has prevented the request from succeeding (get settings.harvesterhci.io server-version)" The default lines below are for a sh/bash shell, you can specify the shell you're using, with the --shell flag.Unavailablea
acoustic-addition-45641
12/13/2023, 7:24 PMGoing back to the original question, I've been looking at both ExternalDNS (https://github.com/kubernetes-sigs/external-dns/tree/master) and Hashicorp Consul (https://www.consul.io/use-cases/discover-services).
My use cases are:
1. Have services that grab a MetalLB IP dynamically update an upstream InfoBlox IPAM that owns the IP range that MetalLB is configured with. ExternalDNS looks promising.
2. Have services that need external SSL offload receive a load balancer entry on a central NGINX load balancer. Consul appears to be able to do this, though it may require a dedicated NGINX instance just for Consul.
I know that these options are not DNS delegation, but maybe dynamic DNS updates or dynamic service registration may meet your core requirements.
b
bright-address-34562
12/13/2023, 11:56 PMdns updates would definitely fit my bill, so long as windows dns server or bind are the ones being supported
bright-address-34562
12/16/2023, 6:39 PMhad a look at the harvester lb stuff just now and I didn't really want to use my harvester vlan for this
30 Views